JANUARY 2018 | CIOAPPLICATIONS.COM | 9

awareness training. But we think they're going to go a long way toward helping our employees make a strong connection between security risks and their day-to-day work experience.

3. Create Master Data Defenders

We're now developing a "master" version of our Data Defenders program where employees volunteer to take formal, specialized training to understand the security gaps and risks in their specific areas of the business. I would help them set goals, and once they achieve them, they would earn the designation of a "Master Data Defender." The company would recognize their success and provide them with a financial reward.

The whole idea of this master program is to encourage employees who are already passionate about information security to learn even more, and then take that knowledge back to their department. They become our experts "on the ground," helping other employees become more security-minded.

4. Get Buy-In at the Top

I am convinced that no information security program will succeed unless a company's leadership also feels passionate about the cause of improving security, and views it as a critical part of business strategy. The good news is that top leadership, busy as they are, will likely be receptive. That includes the board of directors. The National Association of Corporate Directors' (NACD) 2016-2017 Public Company Governance Survey found that almost one-quarter of boards are dissatisfied with the reporting that management provides on cybersecurity. So, there is clearly an opportunity to reach out, and I encourage you to do so sooner than later. You also might want to consider enlisting help from internal audit leadership, given that they already have the ear of senior management and the board.

Information security risks are always changing, so your program must keep changing, too.
Most breaches can be prevented if a human does something differently--not clicking on a link, not opening a suspicious attachment, keeping passwords secure, the list goes on. Our job is to equip our employees with relevant knowledge they can use to keep our business secure. Front line defense is ultimately the best offense in keeping your data secure. To turn your workforce into a team of information security advocates, you need to make security personal to them